Abstract
This paper presents a novel framework that enables practical event-driven monitoring of untrusted virtual machine monitors (VMMs) in cloud computing. Unlike previous approaches to VMM monitoring, our framework neither relies on a higher privilege level nor requires any special hardware support. Instead, we place the trusted monitor at the same privilege level and in the same address space as the untrusted VMM to achieve superior efficiency, while proposing a unique mutual-protection mechanism to ensure the integrity of the monitor. Our security analysis demonstrates that the framework provides high assurance for event-driven VMM monitoring even if the highest-privilege VMM is fully compromised. The experimental results show that the framework incurs only trivial performance overhead for enforcing event-driven monitoring policies, a substantial performance improvement over previous approaches.
Dancing with Wolves: Towards Practical Event-driven VMM Monitoring
VEE '17: Proceedings of the 13th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments